Release 1.2.2 with some minor fuzzing fixes

samtools · Apr 1, 2022 · 1395d73 · 1395d73
1 parent 4d4aba9
commit 1395d73
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 3 deletions.
diff --git a/NEWS b/NEWS
@@ -1,3 +1,40 @@
+Release 1.2.2: 1st April 2022
+-----------------------------
+
+This release contains some fixes found during fuzzing with Clang's
+memory-sanitizer.  None of these are involving writing memory so there
+is no possibility for code execution vulnerabilities.  However some do
+could access uninitialised elements in locally allocated memory, which
+could leak private data if the library was used in conjunction with
+other tools which don't zero sensitive data before freeing.
+
+Bug fixes:
+
+- The name tokeniser now validates the stored length in the data
+  stream matches the actual decoded length.  Discovered by Taotao Gu.
+
+- Fixed an endless loop in arith_dynamic and rans4x16pr involving
+  X_STRIPE with 0 stripes.
+
+- Avoid a harmless (and wrong?) undefined behaviour sanitizer error
+  when calling memcpy(ptr, NULL, 0) in the name tokeniser.
+
+- Fixed possible uninitialised memory access in
+  rans_uncompress_O1_4x16.  If the frequency table didn't add up to
+  the correct amount, parts of the "fb" table were left unpopulated.
+  It was then possible to use these array elements in some of the rANS
+  calculations.
+
+- Similarly rans_uncompress_O0 could access an uninitialised element
+  4095 of the decoder tables if the frequencies summed to 4095 instead
+  of the expected 4096.
+
+- Improved error detection from fqzcomp's read_array function.
+
+- Reject fqzcomp parameters with inconsistent "sel" parameters, which
+  could lead to uninitialised access to the model.sel range coder.
+
+
 Release 1.2.1: 15th February 2022
 ---------------------------------
 

diff --git a/configure.ac b/configure.ac
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT(htscodecs, 1.2.1)
+AC_INIT(htscodecs, 1.2.2)
 
 # Some functions benefit from -O3 optimisation, so if the user didn't
 # explicitly set any compiler flags, we'll plump for O3.
@@ -60,7 +60,7 @@ AM_MAINTAINER_MODE
 #       libhtscodecs.so.1.1.0
 
 VERS_CURRENT=2
-VERS_REVISION=5
+VERS_REVISION=6
 VERS_AGE=0
 AC_SUBST(VERS_CURRENT)
 AC_SUBST(VERS_REVISION)

diff --git a/htscodecs/htscodecs.h b/htscodecs/htscodecs.h
@@ -43,7 +43,7 @@
  * Note currently this needs manually editing as it isn't automatically
  * updated by autoconf.
  */
-#define HTSCODECS_VERSION 100201
+#define HTSCODECS_VERSION 100202
 
 /*
  * A const string form of the HTSCODECS_VERSION define.